MTP – Master Test Planning - Decide on test phase timing, scope & approach
SEC1 – Early Phase Security Testing - Early warnings, secure platform, process
SEC2 – Later Phase Security Testing - Complete re-tests; ISO acceptance
SAT – Systems Acceptance Testing - Systems accepted and locked down
PEN – Penetration Testing - Final external analysis with penetration approach
Essential to plan and execute security testing professionally
- Security Testing is a program-level test campaign integrated with UNIT, SYS, SIT, UAT, SAT etc. It’s essential that its planning is integrated with the others and that scope and coverage are agreed early (Master Test Planning)
- Significant stakeholders are the Program Test Office (Program Test Manager) and the Information Security Office (Information Security Manager and Information Risk Manager)
- Multiple test phases are likely to secure the test platforms early and attain final ISO acceptance
- Penetration testing, in comparison, is often executed at the very end so that there is no requirement to re-test.
